Title: Anti-Phishing Phil: A Game that Teaches People Not to Fall for Phish
S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti, L. Cranor, J. Hong and E. Nunge
Goals
- Anti-Phishing Phil is a game that teaches people how to protect themselves from phishing attacks
- It teaches people how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites
Game Design
- Story: The main character, Phil, is a young fish who wants to eat worms so he can grow up. He has to be careful of phishers that try to trick him with fake worms
- Mechanics
  - Get points for eating good worms or rejecting fake worms
  - Lose a life for eating fake worms
  - Can ask father for help
- Game tutorial
  - Don't forget about the URL
  - The middle part of the URL tells you the name of the site
  - When in doubt, use a search engine
  - Know the enemy's tricks
Evaluation
- Conditions: existing training material, game tutorial, and the game
- 14 participants in each condition
- Participants tested before and after the training
- Task: Examine 10 websites and determine which ones are phishing sites
Results
- Participants' ability at spotting phishing sites improves after playing the game; the improvement is greater for the game than for other conditions
- Participants who played the game are more confident in their judgments
- Participants prefer the game to other training methods
Illustration of Signal Detection Theory (SDT). We
treat legitimate sites as non-signal, and
phishing sites as signal. The sensitivity (d')
measures users' ability to discern signal from
noise. Criterion (C) measures users' decision
tendency. The effects of training could be to a)
make the user shift the decision criterion,
thus increasing alertness; b) make users increase
sensitivity, separating the two distributions
better and thus improving people's ability to
distinguish between phishing and legitimate
sites; or c) a combination of both.
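The SDT measures in the caption above, worked through as an added example that is not part of the original poster. It uses the standard equal-variance formulas d' = z(H) - z(FA) and C = -(z(H) + z(FA))/2. The function names, the log-linear rate correction, the 5 phishing / 5 legitimate split, the eps threshold and all counts are assumptions made for illustration.

```python
from statistics import NormalDist

z = NormalDist().inv_cdf  # inverse standard-normal CDF

def rate(count, total):
    # Log-linear correction (assumed here): with only a handful of sites a
    # participant can score 0% or 100%, where z() would be infinite.
    return (count + 0.5) / (total + 1)

def sdt(hits, misses, false_alarms, correct_rejections):
    """Return (d_prime, criterion). Signal = phishing, non-signal = legitimate.

    hit = phishing site judged phishing
    false alarm = legitimate site judged phishing
    """
    zh = z(rate(hits, hits + misses))
    zfa = z(rate(false_alarms, false_alarms + correct_rejections))
    d_prime = zh - zfa              # separation of the two distributions
    criterion = -0.5 * (zh + zfa)   # < 0: leans toward answering "phishing"
    return d_prime, criterion

def training_effect(before, after, eps=0.2):
    """Map a before/after pair onto the caption's cases a), b), c).

    eps is a hypothetical noise threshold chosen for this example.
    """
    d0, c0 = sdt(*before)
    d1, c1 = sdt(*after)
    more_alert = (c0 - c1) > eps       # criterion moved toward "phishing"
    more_sensitive = (d1 - d0) > eps   # distributions better separated
    if more_alert and more_sensitive:
        return "c"
    if more_sensitive:
        return "b"
    if more_alert:
        return "a"
    return "none"

# Constructed data: (hits, misses, false alarms, correct rejections) on
# 10 sites, assuming 5 phishing and 5 legitimate.
BEFORE = (3, 2, 1, 4)
AFTER_SHIFT = (4, 1, 2, 3)      # flags more of everything
AFTER_SENSITIVE = (4, 1, 0, 5)  # more hits, fewer false alarms
AFTER_BOTH = (5, 0, 1, 4)

if __name__ == "__main__":
    for name, after in [("shift", AFTER_SHIFT), ("sensitive", AFTER_SENSITIVE),
                        ("both", AFTER_BOTH)]:
        d, c = sdt(*after)
        print(f"{name:10s} d'={d:5.2f} C={c:5.2f} -> {training_effect(BEFORE, after)}")
```

In the pure criterion-shift case d' is unchanged: the participant catches more phishing sites only by also rejecting more legitimate ones, which is why hit rate alone cannot separate case a) from case b).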
Game Flow
S. Sheng, B. Magnien, P. Kumaraguru, A. Acquisti,
L. Cranor, J. Hong, and E. Nunge. Anti-Phishing
Phil: The Design and Evaluation of a Game That
Teaches People Not to Fall for Phish. Accepted at
SOUPS 2007.